The videos include sensitive chats such as business meetings and sessions with therapists–and even nudity, the Washington Post reported. It’s a shocking revelation, so how on earth has this happened?

Unsecured cloud storage left Zoom videos exposed

It appears the Zoom videos, which were recorded through the app’s software, were saved to a storage space that wasn’t protected by a password. Because of the way Zoom names them, the recorded videos can be found by anyone searching online. Patrick Jackson, the security researcher who discovered the issue, found 15,000 examples when he scanned the unsecured cloud storage.

Zoom allows users who pay for the service to record meetings and save them to its own cloud service. These aren’t affected–rather, it’s videos saved to a person’s computer and then uploaded to a non-Zoom cloud service. When these services are left open, anyone can download the meetings–which themselves are easily searchable because they all have the same file name.

Now, you might think that Zoom isn’t at fault for this–surely it can’t help what people are doing when not using its own cloud service? Not exactly: Part of the problem is caused by the fact that Zoom does not force you to create a unique file name when saving videos. This is an issue that needs to be sorted out pretty quickly.

A Zoom spokesperson emailed me a statement, which reads: “Zoom notifies participants when a host chooses to record a meeting, and provides a safe and secure way for hosts to store recordings. Zoom meetings are only recorded at the host’s choice either locally on the host’s machine or in the Zoom cloud.

“Should hosts later choose to upload their meeting recordings anywhere else, we urge them to use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants' reasonable expectations.”

What Zoom users should do

So, after this latest security snafu, what should Zoom users do? It’s a difficult question, and unfortunately one that doesn’t have a straight answer. Lots of people need to use Zoom–it’s a highly functional platform–and if your boss, teacher or therapist uses it, you are at their mercy.

Zoom has seen a surge in user numbers over the past few months as COVID-19 left half the world working from home. The firm is trying to do better, but it’s important to try and take control of your own security and privacy too.

I'm a freelance cybersecurity journalist with over a decade’s experience writing news, reviews and features. I report and analyze breaking cybersecurity and privacy stories with a particular interest in cyber warfare, application security and data misuse. Contact me at kate.oflaherty@techjournalist.co.uk.